Abstract. We discuss the treatment of initial datatypes and final process types in the
wide-spectrum language HasCASL. In particular, we present specifications that illustrate 
how datatypes and process types arise as bootstrapped concepts using HasCASL's type 
class mechanism, and we describe constructions of types of finite and infinite trees that 
establish the conservativity of datatype and process type declarations adhering to certain 
reasonable formats. The latter amounts to modifying known constructions from HOL to 
avoid unique choice; in categorical terminology, this means that we establish that quasitop- 
oses with an internal natural numbers object support initial algebras and final coalgebras 
for a range of polynomial functors, thereby partially generalising corresponding results 
from topos theory. Moreover, we present similar constructions in categories of internal 
complete partial orders in quasitoposes. 



Introduction 

The formally stringent development of software in a unified process calls for wide-spectrum 
languages that support all stages of the formal development process, including abstract 
requirements, design, and implementation. In the Casl language family [3], this role is 
played by the higher-order Casl extension HasCasl [29, 28]. Like in first-order Casl, a
key feature of HasCasl is support for inductive datatypes, which appear in the specification
of the functional correctness of software. In the algebraic-coalgebraic language CoCasl [13],
this concept is complemented by coinductive types, which appear as state spaces of reactive 
processes. Many issues revolving around types of either kind gain in complexity in the 
context of the enriched language HasCasl; this is related both to the presence of additional 
language features such as higher order types and type class polymorphism and to the nature 
of the underlying logic of HasCasl, an intuitionistic higher order logic of partial functions 
without unique choice which may, with a certain margin of error, be thought of as the 
internal logic of quasitoposes (more precisely, it is the internal logic of partial cartesian 
closed categories with equality [251 ES]).

Here, we discuss several aspects of HasCasl's concept of inductive datatype, as well as
the perspective of adding coinductive types to HasCasl. To begin, we present the syntax 
and semantics of inductive datatypes, which may be equipped with reachability constraints 
or initiality constraints; both types of constraints may be relatively involved due to the fact 
that constructor arguments may have complex composite types. We then go on to show 
how initial datatypes may be specified in terms of HasCasl's type class mechanism. On 
the one hand, this shows that initial datatypes need not be regarded as a built-in language 
feature, but may be considered as belonging into a 'HasCasl prelude'. On the other hand, 
the specifications in question give a good illustration of how far the type class mechanism 
may be stretched. We then briefly discuss how a simple dualisation of these specifications 
describes final process types in the style of CoCasl; thus, the introduction of such types 
into HasCasl would merely constitute additional syntactic sugar (although concerning the 
relationship to Casl and CoCasl, for both datatypes and process types certain caveats 
apply related to HasCasl's Henkin semantics). 

Finally, we tackle the issue of the conservativity of datatype and process type declarations.
We follow the method employed in standard HOL [18^12], which consists in defining
a universal type of trees and then carving out the desired inductive or coinductive types. 
However, the constructions need to be carefully adapted in order to cope with the lack of 
unique choice. Abstracting our results to the categorical level, we prove, in partial gen- 
eralisation of corresponding results for toposes [ElllO], that any quasitopos (indeed, any 
partial cartesian closed category with equality and finite coproducts) with nno supports 
initial algebras and final coalgebras for certain classes of polynomial functors. Moreover, 
we obtain corresponding results for datatypes and process types equipped with complete 
partial orders (the former are called free domains in HasCasl). These types serve as 
the correspondent of programming language datatypes in HasCasl's internal modelling of 
denotational semantics. 

The material is organised as follows. We recall some aspects of the syntax and semantics 
of HasCasl, including the relationship between HasCasl's Henkin models and categorical
models, in Sect. [H In Sect. O we expand on the semantics of generated and free datatypes
in HasCasl. These two sections summarise material from [26, 28]. We then go on to
present the bootstrapped specification of the syntax and semantics of signature functors and 
inductive datatypes using the type class mechanism in Sect. [3l In Sect. |3]we discuss how 
these concepts extend naturally to coinductive process types. We present the constructions 
establishing the conservativity of datatype and process type declarations in Sect.O Finally, 
we recall the modelling of general recursive programs by means of an adapted version of 
domain theory in Sect. [H and show how the constructions of plain initial datatypes and 
final process types can be modified to obtain corresponding constructions on domains. 

1. HASCASL 

The wide-spectrum language HasCasl [29] extends the standard algebraic specification 
language Casl by intuitionistic partial higher order logic, equipped with a set-theoretic 
Henkin semantics, an extensive type class mechanism, and HOLCF-style support for recur- 
sive programming. HasCasl moreover provides support for functional-imperative specifi- 
cation and programming in the shape of monad-based computational logics [30l [32l [HI [35] . 
Tool support for HasCasl is provided in the framework of the Bremen heterogeneous tool 
set Hets ^12j. We expect the reader to be familiar with the basic Casl syntax (whose use 
in our examples is, at any rate, largely self-explanatory), referring to O [T4j for a detailed
language description. Below, we review the HasCasl language features most relevant for
the understanding of the present work, namely type class polymorphism and certain details
of HasCasl's higher order logic; see [28] for a full language definition. Moreover, we recall
HasCasl's Henkin semantics and its relation to categorical models in quasitoposes and, 
more generally, partial cartesian closed categories with equality [26]. 

1.1. The internal logic of HasCasl. The logic of HasCasl is based on the partial
$\lambda$-calculus [11]. It is distinguished from standard HOL by having intuitionistic truth values
and partial function types $t \to? s$ (besides total function types $t \to s$); $\lambda$-abstractions
$\lambda x : t \bullet \alpha$ denote partial functions, i.e. inhabitants of partial function types $t \to? s$, while
total $\lambda$-abstractions, inhabiting the total function type $t \to s$, are denoted $\lambda x : t \bullet!\ \alpha$. There
are moreover a unit type Unit, with unique inhabitant (), and product types $s \times t$. Predicates
then arise as partial functions into Unit, where definedness is understood as satisfaction,
and the type of truth values is Logical = Unit $\to?$ Unit. We denote application of a function
$f$ to an argument $x$ as $f\,x$, under the convention that application is left-associative. As
in [26], we moreover denote by $\alpha \upharpoonright \phi$ the restriction of a term $\alpha$ to a formula $\phi$, i.e. $\alpha \upharpoonright \phi$ is
defined iff $\alpha$ is defined and $\phi$ holds, and in this case is equal to $\alpha$ (essentially, $\upharpoonright$ is just the
first projection).

In a partial setting, there are numerous readings of equality; here, we require strong
equality, denoted = and read 'one side is defined iff the other is, and in this case, both sides
are equal', as well as existential equality, denoted = and read 'both sides are defined and
equal'. Equality of terms in the partial $\lambda$-calculus is axiomatised largely as expected [11, 26],
with a few subtleties attached to partiality — e.g. $\beta$-equality $(\lambda x : t \bullet \alpha)\,\gamma = \alpha[\gamma/x]$ holds
only if the term $\gamma$ is defined. We assume that equality is internal, i.e. that there exists on
every type a binary predicate representing existential equality, also written =; this defines
the partial $\lambda$-calculus with equality. In the partial $\lambda$-calculus with equality, an intuitionistic
predicate logic is defined in the standard way (see e.g. [25, 26]) by abbreviations such as

$\forall x : t \bullet \phi = ((\lambda x : t \bullet \phi) = (\lambda x : t \bullet ()))$,

where () is the unique inhabitant of Unit. The arising logic includes higher-order universal
and existential quantifiers $\forall$, $\exists$, propositional connectives $\wedge$, $\vee$, $\Rightarrow$, $\neg$, and truth values
$\top$, $\bot$.

The difference between the HasCasl logic and the more familiar topos logic [9] is
the absence of unique choice [26], where we say that a type $a$ admits unique choice if $a$
supports unique description terms of the form $(\iota x : a.\,\phi) : a$ designating the unique element
$x$ of $a$ satisfying the formula $\phi$ (which may of course mention $x$), if such an element exists
uniquely (this is like Isabelle/HOL's THE [15]). In HasCasl, the unique choice principle
may be imposed if desired by means of a polymorphic axiom [28]. The lack of unique choice
requires additional effort in the construction of tree types establishing the conservativity of
datatype and process type declarations; this is the main theme of Sect. 5. The motivation
justifying this effort is twofold:

• Making do without unique choice essentially amounts to admitting models in quasitoposes
rather than just in toposes (see Section 1.3). Interesting set-based quasitoposes include
pseudotopological spaces and reflexive relations; further typical examples are categories
of extensional presheaves, including e.g. the category of reflexive logical relations, and
categories of assemblies, both appearing in the context of realisability models [19, 23]. In
particular, the category of $\omega$-sets is a quasitopos but not a topos; it is embedded as a full
subcategory into the effective topos, whose objects however have a much more involved
description than $\omega$-sets [19]. Quasitoposes also play a role in the semantics of parametric
polymorphism

• A discipline of avoiding unique choice leads to constructions which may be easier to handle 
in machine proofs than ones containing unique description operators; cf. e.g. the explicit 
warning from [15], Sec. 5.10: 

"Description operators can be hard to reason about. Novices should try to avoid 
them. Fortunately, descriptions are seldom required."

As we shall discuss below, one occasion where the theory development of Isabelle/HOL 
does require description operators is the construction of datatypes, and our results shed 
some light on the question to which extent this can be avoided.

1.2. Type class polymorphism. HasCasl's shallow polymorphism revolves around a 
notion of type class. Type classes are syntactic subsets of kinds, where kinds are formed 
from classes, including a base class Type of all types, and the type function arrow $\to$.
Classes are declared by means of the keyword class; e.g.

class Functor < Type → Type

declares a class Functor of type constructors, i.e. operations taking types to types. Types 
are declared with associated classes (or with default class Type) by means of the keyword 
type; e.g. a type constructor F of class Functor is declared by writing 

type F : Functor 

Such declarations may be generic; e.g. if Ord is a class, then we may write 

var a, b : Ord 
type a × b : Ord

thus imposing that the class Ord is closed under products; note how the keyword var is used 
for both standard variables and type variables. Operations and axioms may be polymorphic 
over any class, i.e. types of operations and variables may contain type variables with assigned 
classes. 

In order to ensure the institutional satisfaction condition (invariance of satisfaction under
change of notation), polymorphism is equipped with an extension semantics [33]: the
only point to note for purposes of this work is that as a consequence, a specification extension
is, in Casl terminology, (model-theoretically) conservative, i.e. admits expansions of
models, iff it only introduces names for entities already expressible in the present signature.
In the case of types, this means that e.g. a datatype declaration is conservative iff it can be
implemented as a subtype of an existing type.

1.3. Henkin Models and Partial Cartesian Closed Categories. The set-theoretic
semantics of HasCasl is given by intensional Henkin models, where function types are 
equipped with application operators but are neither expected to contain all set-theoretic 
functions nor indeed to consist of functions; in particular, different elements of the function 
type may induce the same set-theoretic function. Such models are essentially equivalent 
to models in (varying!) partial cartesian closed categories (pccc's) with equality [26]; these 
categories are slightly more general than quasitoposes [1], which can be seen as finitely 
cocomplete pccc's with equality. Below, we summarise some of the details of the categorical 
viewpoint; we refer to [26, 28] for the full definition of intensional Henkin models.

A dominion [22] on a category $C$ is a class $\mathcal{M}$ of monomorphisms in $C$ which contains
all identities and is closed under composition and pullback stable, the latter in the sense
that pullbacks, or inverse images, of $\mathcal{M}$-morphisms along arbitrary morphisms exist and
are in $\mathcal{M}$. The pair $(C, \mathcal{M})$ is called a dominional category. A partial morphism $X \rightharpoonup Y$
in $(C, \mathcal{M})$ is a span $X \xleftarrow{m} D \xrightarrow{f} Y$, where $m \in \mathcal{M}$, taken modulo isomorphic change
of $D$. Partial morphisms $(m, f)$ are composed by pullback formation. Intuitively, $(m, f)$ is
a partial map defined on the subobject $D$ of $X$. The partial morphisms in $(C, \mathcal{M})$ form
a category $P(C, \mathcal{M})$ (with small hom-sets if $C$ is $\mathcal{M}$-wellpowered [IJ), into which $C$ is
embedded by mapping a morphism $f$ to the partial morphism $(id, f)$. If $C$ is cartesian, i.e.
has a terminal object 1 and binary products $A \times B$, then $C$ is a partial cartesian closed
category (pccc) if the functor

$C \xrightarrow{\_ \times A} C \hookrightarrow P(C, \mathcal{M})$

has a right adjoint for each object $A$ in $C$. If in addition, $\mathcal{M}$ contains all diagonal morphisms
$A \to A \times A$, then a monomorphism $f$ in $C$ is extremal iff $f$ is regular iff $f \in \mathcal{M}$ (see e.g. [T]
for definitions of extremal and regular monomorphisms). In this case, $C$ is called a pccc
with equality.

Remark 1.1. The above constructive approach to partial maps is complemented by a 
variety of direct approaches which take the category of partial maps as basic and axiomatise 
its properties. The details of these approaches and their relationship to the constructive 
approach are discussed in some breadth in [26].

It has been shown in [26] that one has an equivalence between theories in the partial
$\lambda$-calculus with equality and pccc's with equality. Here, a theory consists of a set of basic
types, from which composite types are obtained inductively by forming partial function
types $s_1 \times \dots \times s_n \to? t$, a set of basic operations with assigned types, and a set of
axioms, expressed as existentially conditioned equations (ece's) in this signature. Here, an
existentially conditioned equation is a sentence of the form $\bigwedge_{i=1}^{n} \operatorname{def} \alpha_i \Rightarrow \beta = \gamma$, where
$\beta$, $\gamma$, and the $\alpha_i$ are terms formed from the basic operations, application, $\lambda$-abstraction,
and typed variables from a given context, and $\operatorname{def} \alpha$ abbreviates the formula $\alpha = \alpha$, which
states that the term $\alpha$ is defined. Note that since the higher-order internal logic recalled in
Section 1.1 is defined through equality, a theory may alternatively be seen as having axioms
using the full power of the internal logic.

In the correspondence between categories and theories, one associates to every pccc 
with equality, C, an internal language Th(C) which has the objects of C as basic types and 
the partial morphisms as operations, as well as all ece's expressed in this language which 
hold in C as axioms. Conversely, one associates to every theory T in the partial $\lambda$-calculus
with equality a pccc with equality, CI(T), the classifying category of T. The objects of CI(T)
are pairs $(\Gamma.\,\phi)$ consisting of a finite context $\Gamma = (x_1 : s_1; \dots; x_n : s_n)$ of variables $x_i$ with
assigned types $s_i$ and a formula (i.e. by the correspondence between predicates and partial
functions discussed above just a definedness assertion) $\phi$ in context $\Gamma$. As (unlike in [26])
we include explicit product types in the language, we often assume that objects are just
of the form $(x : s.\,\phi)$, in order to avoid cluttering the notation. Such an object is thought
of as the subtype of $s$ determined by the property $\phi$. Morphisms $\sigma : (\Gamma.\,\phi) \to (\Delta.\,\psi)$ are
(type-correct) substitutions of the variables in $\Delta$ by terms in context $\Gamma$ such that $\phi$ entails

as well as definedness of $\sigma(x)$ for every variable $x$ in $\Delta$; morphisms are taken modulo
provable equality of terms under $\phi$. In the simplified case where $\Delta$ is of the form $(y : t)$,
morphisms can just be regarded as being represented by single terms.

The central facts establishing that the above correspondence is actually an equivalence 
are that 

• the pccc C is equivalent to CI(Th(C)), and 

• the theory Th(CI(T)) is a conservative extension of T. 

When reasoning about a pccc with equality, C, one may thus assume that C is actually of the 
form CI(Th(C)), i.e. freely move back and forth between logical and categorical arguments, 
and in particular construct objects in C as subtypes of types formed from C-objects. It 
is therefore helpful to recall how some important categorical concepts are reflected in the 
internal logic: 

• Composition is chaining of substitutions. 

• The product of types $(\Gamma.\,\phi)$ and $(\Delta.\,\psi)$, where the contexts $\Gamma$ and $\Delta$ are w.l.o.g. disjoint,
is $(\Gamma; \Delta.\ \phi \wedge \psi)$.

• Identities and product projections are just variables.

• The equaliser of two morphisms $(x : s.\,\phi) \to (y : t.\,\psi)$ given by terms $\alpha$, $\beta$ in context $x : s$
is the type $(x : s.\,\phi \wedge \alpha = \beta)$.

The constructions of initial datatypes and final process types in Sect. 5 will be based on
this principle. They will, by the above equivalence, amount simultaneously to conservativity 
results in HasCasl and to existence theorems for datatypes and process types in the cat- 
egorical semantics. In the latter incarnation, they apply in particular to quasitoposes [36], 
which may be defined as finitely cocomplete pccc's with equality. This class of categories is 
technically related to toposes, the essential difference being that the internal logic of a topos 
speaks about all subobjects, while the internal logic of a quasitopos speaks only about the 
regular subobjects (or more formally that the classifier of a topos classifies all subobjects, 
and that of a quasitopos only the regular subobjects). 

Remark 1.2. Quasitoposes have a further, first order internal logic which is based on 
the full subobject fibration. Throughout this work, we use the term 'internal logic of a 
quasitopos', or more generally of a pccc with equality, to refer to the higher order internal 
logic based on the regular subobject fibration. 

As mentioned above, the range of examples is much broader in the case of quasitoposes; 
e.g. there are many interesting non-trivial concrete quasitoposes over Set, while concrete 
toposes over Set are always full subcategories of Set. Intuitively, quasitoposes support a 
distinction between 'maps', i.e. functional relations, and 'morphisms', i.e. functions, while 
the two concepts coincide in toposes. Similarly, quasitoposes distinguish between partial 
maps, designated below by the symbol $\to?$, and single-valued relations. In the internal
logic, the difference is captured precisely by the fact that toposes admit unique choice,
while quasitoposes do not. Objects $A$ in a quasitopos (or in a pccc with equality) that
do admit unique choice in the sense described in Sect. 1.1 are called coarse. Explicitly, $A$
is coarse iff there exists a function $c$ from the type $Sg(A)$ of singleton subsets of $A$ to $A$
such that $c(p)$ is in $p$ (and hence $p = \{c(p)\}$) for every $p : Sg(A)$; in this case, the unique
description term $\iota x : A \bullet \phi$ can be defined as $c\,(\lambda x : A \bullet \phi)$.

To give the reader a basic feeling for the above issues, we recall one of the simplest exam- 
ples of a non-trivial set-based quasitopos, the category ReRe of reflexive relations [T]. The 
objects of ReRe are pairs (X, R) with R a reflexive relation on the set X, and morphisms 
$f : (X, R) \to (Y, S)$ are relation-preserving maps $f : X \to Y$, i.e. $f(x)\,S\,f(y)$ whenever $x\,R\,y$.
We say that $(X, R)$ is discrete if $R$ is equality, and indiscrete if $R = X \times X$. The coarse
objects of ReRe are precisely the indiscrete objects. The category ReRe has a natural
numbers object, i.e. an initial algebra for the functor $\_ + 1$, namely the discrete structure
on the set of natural numbers. In particular, the natural numbers object fails to be coarse, 
i.e. does not support unique choice. 

2. Datatypes in HASCASL 

HasCasl supports recursive datatypes in the same style as in Casl [3l[T3]. To begin, an
unconstrained datatype $t$ is declared along with its constructors $c_i : t_{i1} \to \dots \to t_{ik_i} \to t$
(where the function arrows $\to$ and $\to?$ are right associative) by means of the keyword type
in the form

type $t ::= c_1\ t_{11} \dots t_{1k_1} \mid \dots \mid c_n\ t_{n1} \dots t_{nk_n}$

(mutually recursive types are admitted as well, but omitted from the presentation for the
sake of readability; their handling requires essentially no more than adding more indices).
Here, $t$ is a pattern of the form $C\ a_1 \dots a_r$, $r \ge 0$, where $C$ is the type constructor (or type
if $r = 0$) being declared and the $a_i$ are type variables. The $t_{ij}$ are types whose formation
may involve $C$, the type variables $a_i$, and any types declared in the local environment, i.e.
the context of preceding declarations. Optionally, selectors $sel_{ij} : t \to? t_{ij}$ may be declared
by writing $(sel_{ij} :? t_{ij})$ in place of $t_{ij}$. All this is syntactic sugar for the corresponding
declarations of types and operations, and equations stating that selectors are left inverse to
constructors.

Datatypes may be qualified by a preceding free or generated. The generated con- 
straint introduces an induction axiom; this corresponds roughly to term generatedness ('no 
junk'). The free constraint ('no junk, no confusion') instead introduces an implicit fold 
operator, which implies both induction and a primitive recursion principle. If one of these 
constraints is used, then recursive occurrences (in the $t_{ij}$) of $C$ are restricted to the pattern
$t = C\ a_1 \dots a_r$ appearing on the left hand side; i.e. HasCasl does not support polymorphic
recursion. If a free constraint is used, then additionally recursive occurrences of
t are required to be strictly positive w.r.t. function arrows, i.e. occurrences in the argu- 
ment type of a function type are forbidden. We omit a detailed discussion of generatedness 
constraints [28]. The semantics of freeness constraints is defined in more detail as follows. 

Standardly, initial datatypes are characterised by the abovementioned induction axioms 
(no junk) and additionally by the no confusion condition, stating essentially that all terms 
formed from the constructors and given elements of the types in the local environment 
denote distinct values. By the discussion in Sect. 1.3 it is clear that these conditions are
insufficient in the setting of HasCasl's internal logic: in the maps vs. morphisms metaphor,
they constrain only the underlying set of a datatype, not its structure. E.g. in the quasitopos
ReRe of reflexive relations, the no-junk-no-confusion axioms for the datatype of natural
numbers, i.e. the Peano axioms, will be satisfied by any object whose underlying set is the 
set of natural numbers. In particular, one will not be able to prove a recursion principle 
from the Peano axioms (which is possible under unique choice [Uj), as models of the Peano 
axioms in general fail to be initial algebras. 

As mentioned above, the semantics of free datatypes in HasCasl is therefore deter- 
mined by a fold operator, i.e. free datatypes are explicitly axiomatised as initial algebras. 
As indicated above, recursive occurrences of free types must be strictly positive, i.e. types 
like $L ::= abs\ (L \to L)$ and $L\ a ::= abs\ ((L\ a \to a) \to a)$ are illegal, while

free type Tree a b ::= leaf b | branch (a → Tree a b)

is allowed. Free datatypes may thus be seen as initial algebras for functors. In the standard
case, the functors in question are polynomial functors, with multiple arguments of constructors
represented as products and alternatives represented as sums. E.g. the signature of the
tree type above induces the functor $F_{a,b}$ given by

$F_{a,b}\ c = b + (a \to c)$.

The general mechanism for extracting functors from datatype declarations is explained in
more detail in Sect. 3. This mechanism relies on type classes to ensure that user-defined
type constructors appearing in constructor arguments are actually functors. The latter will
in particular be the case if type constructors are defined as free datatypes with functorial
parameters; e.g. the above declaration induces a functor taking b to Tree a b.

For now, we take for granted that a free datatype $t$ as in the beginning of this section
can be regarded as an initial algebra $\alpha : F\,t \to t$ for a functor $F$. Initiality is expressed by
means of a polymorphic fold operation

$fold : (F\,b \to b) \to t \to b$

for $b$ : Type, and an axiom stating that, for $d : F\,b \to b$, $fold\ d$ is the unique $F$-algebra
morphism from $\alpha$ to $d$, i.e. the unique map $f : t \to b$ satisfying

$d \circ (F f) = f \circ \alpha$.

Initiality implies induction and term distinctness, i.e. the usual no-junk/no-confusion conditions:
term distinctness follows from the fact that structure maps of initial algebras are
isomorphisms (Lambek's lemma); induction for a predicate $P$ on $t$ is proved by applying
fold at the type $b = (x : t.\ P\,x)$. (The semantics of polymorphism in HasCasl prescribes
that polymorphic operators such as fold do have instances at subtypes [28]. For polynomial
functors, the use of such instances can be circumvented; see Remark 5.7 for more comments
on this point.) Moreover, one obtains a primitive recursion principle by means of a simultaneous
recursive definition of the identity (as suggested in [6]): The fold operation allows
defining recursive functions $f : t \to b$, where $\alpha : F\,t \to t$ is the initial datatype for the
functor $F$, using the iteration scheme, i.e.

$f\,(\alpha\,x) = d\,(F f\,x)$ for $x : F\,t$

(which is just a restatement of the previous equation). One may thus in particular define a
function $g : t \to t \times b$ by

$g\,(\alpha\,x) = (\lambda y : F(t \times b) \bullet (\alpha\,(F \pi_1\,y),\ d\,y))\,(F g\,x)$

$= (\alpha\,(F \pi_1\,(F g\,x)),\ d\,(F g\,x))$

$= (\alpha\,(F (\pi_1 \circ g)\,x),\ d\,(F g\,x))$

where $\pi_1$ denotes the first projection $\lambda (x, z) : t \times b \bullet x$. Here, the actual body of the recursive
definition is the map $d : F(t \times b) \to b$. The defining equation of $g$ implies that
$(\pi_1 \circ g)\,(\alpha\,x) = \alpha\,(F (\pi_1 \circ g)\,x)$ and hence, by uniqueness of folds, that the first component
$\pi_1 \circ g$ of $g$ is the identity on $t$. Therefore, $g = \lambda y : t \bullet (y, (\pi_2 \circ g)\,y)$, so that the second
component $f = \pi_2 \circ g$ of $g$, where $\pi_2 : t \times b \to b$ denotes the second projection, satisfies

$f\,(\alpha\,x) = d\,(F (\lambda y : t \bullet (y, f\,y))\,x)$.

Conversely, every solution $f$ of this equation yields a solution $g = \lambda y : t \bullet (y, f\,y)$ of the
iteration equation for $g$. Thus we may define $f : t \to b$ by primitive recursive equations,
whose right hand side may depend on applications $f\,x$ of $f$ to constructor arguments
$x$ appearing in the pattern $\alpha\,x$ on the left hand side, as in the case of iteration, and
additionally on the constructor arguments $x$ themselves.
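
The pairing construction above, written out in Haskell as an added example (it is not code from the paper, and it uses Haskell's ordinary recursive types rather than HasCasl). The names Fix, In, fold, primrec, firstComponent and the sample functors NatF and TreeF are assumptions of this sketch; TreeF mirrors the signature functor of the Tree declaration earlier in this section.

```haskell
{-# LANGUAGE DeriveFunctor #-}
module Main where

-- Fixed point of a functor; the constructor In plays the role of the
-- structure map alpha : F t -> t of the initial algebra.
newtype Fix f = In (f (Fix f))

-- fold d is the algebra morphism from alpha to d:
--   fold d . In = d . fmap (fold d)
fold :: Functor f => (f b -> b) -> Fix f -> b
fold d (In x) = d (fmap (fold d) x)

-- Primitive recursion from fold. The body d : F (t x b) -> b sees each
-- constructor argument paired with the recursive result on it. We fold into
-- t x b with g (alpha x) = (alpha (F pi1 (F g x)), d (F g x)) and keep the
-- second component.
primrec :: Functor f => (f (Fix f, b) -> b) -> Fix f -> b
primrec d = snd . fold (\y -> (In (fmap fst y), d y))

-- First component of the same fold; by uniqueness of folds it is the identity.
firstComponent :: Functor f => (f (Fix f, b) -> b) -> Fix f -> Fix f
firstComponent d = fst . fold (\y -> (In (fmap fst y), d y))

-- Signature functor of the natural numbers, F c = 1 + c.
data NatF c = ZeroF | SuccF c deriving Functor
type Nat = Fix NatF

zero :: Nat
zero = In ZeroF

suc :: Nat -> Nat
suc = In . SuccF

fromInt :: Int -> Nat
fromInt n = iterate suc zero !! n

-- Plain iteration: the body only sees recursive results.
toInt :: Nat -> Int
toInt = fold alg
  where alg ZeroF     = 0
        alg (SuccF k) = k + 1

-- Needs the constructor argument itself, not only the recursive result.
predecessor :: Nat -> Nat
predecessor = primrec body
  where body ZeroF          = zero
        body (SuccF (n, _)) = n

-- Uses both the argument n and the recursive result r.
factorial :: Nat -> Int
factorial = primrec body
  where body ZeroF          = 1
        body (SuccF (n, r)) = (toInt n + 1) * r

-- Signature functor of  free type Tree a b ::= leaf b | branch (a -> Tree a b),
-- i.e. F c = b + (a -> c); the recursive occurrence is strictly positive.
data TreeF a b c = LeafF b | BranchF (a -> c) deriving Functor
type Tree a b = Fix (TreeF a b)

leaf :: b -> Tree a b
leaf = In . LeafF

branch :: (a -> Tree a b) -> Tree a b
branch = In . BranchF

-- A fold into a function type: follow a path of choices down to a leaf.
follow :: Tree a b -> [a] -> Maybe b
follow = fold alg
  where alg (LeafF b)   _        = Just b
        alg (BranchF _) []       = Nothing
        alg (BranchF k) (x : xs) = k x xs

main :: IO ()
main = do
  let five = fromInt 5
  print (toInt (predecessor five))
  print (factorial five)
  -- The first component of the pairing fold rebuilds its input unchanged.
  print (toInt (firstComponent (const ()) five))
  let t = branch (\c -> if c then leaf "yes" else branch (const (leaf "deep")))
  print (follow t [True])
  print (follow t [False, True])
```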

Since by Lambek's lemma, the structure map of an initial algebra is an isomorphism, 
free datatypes $\alpha : F\,t \to t$ inherit a case operator from the decomposition of $F\,t$ as a sum;
such an operator

case $x$ of $c_1\ y_{11} \dots y_{1k_1} \to f_1\ y_{11} \dots y_{1k_1} \mid \dots \mid c_n\ y_{n1} \dots y_{nk_n} \to f_n\ y_{n1} \dots y_{nk_n}$

is provided explicitly in HasCasl.

Remark 2.1. Unlike in Casl, the meaning of free type does not coincide with that of the 
corresponding structured free extension free { type . . . }, which would require all newly 
arising function types to be also freely term generated. 

Example 2.2. Consider the following free datatype definitions,

free type List a ::= nil | cons (a; List a)
free type Tree a b ::= leaf a | branch (b → List (Tree a b))

The declaration of List a induces the standard fold operation for lists. Moreover, the type
class mechanism (see Section 3) recognises automatically that the type constructor List is
a functor, and in particular generates the standard map operation. For Tree, we obtain a
polymorphic fold operation

$fold : (a \to c) \to ((b \to List\ c) \to c) \to Tree\ a\ b \to c$.

This operation is axiomatised as being uniquely determined by the equations

$fold\ f\ g\ (leaf\ x) = f\,x$ and $fold\ f\ g\ (branch\ s) = g\,(map\ (fold\ f\ g) \circ s)$.

spec Functor =
  vars a, b, c : Type; x : a; f : a → b; g : b → c
  ops __comp__ : (b → c) × (a → b) → a → c;
      id : a → a
  • id x = x
  • (g comp f) x = g (f x)
  class Functor < Type → Type
  {vars a, b, c : Type; F : Functor; f : a → b; g : b → c
   op map : (a → b) → F a → F b
   • map id = id : F a → F a
   • map (g comp f) : F a → F c = (map g) comp (map f)
  }
  class Bifunctor < Type → Functor
  {vars a, b, c, d : Type; F : Bifunctor; f : a → b; g : b → c; h : c → d
   op parmap : (a → b) → F a d → F b d
   • parmap id = id : F a d → F a d
   • parmap (g comp f) : F a d → F c d = (parmap g) comp (parmap f);
   • (parmap f) comp (map h) : F a c → F b d = (map h) comp (parmap f)
  }

Figure 1: HasCasl specification of functors 

3. Initiality via the Type Class Mechanism 

The concept of free datatype described in the previous section may be regarded as bootstrapped,
i.e. as being a HasCasl library equipped with built-in syntactic sugar rather than
a basic language feature. The crucial point here is that HasCasl's type class mechanism 
allows talking about functorial signatures, algebras for a functor, and algebra homomor- 
phisms. 

Figure 1 shows the constructor class of functors. Mutually recursive or parametrised
datatypes require n-ary functors for $n \in \mathbb{N}$, and in fact occasionally type constructors which
are functorial only in some of their arguments; since HasCasl does not feature dependent
classes, the corresponding classes need to be specified one by one, as exemplified in Fig. 1
by a specification of bifunctors. This is not a problem in practice, as typically only small 
values of n are needed; the specification of bifunctors illustrates how n + 1-ary functors can 
be specified recursively in terms of n-ary functors. 

Remark 3.1. One might envision a single specification of functors of arbitrary finite arity 
by abuse of syntax, as follows: declare a class Typelist and type constructors Nil : Typelist,
Cons : Type → Typelist → Typelist, and define Functor as a subclass of Typelist → Type.
(Undesired semantic side effects may be eliminated by specifying the types Nil, Cons a Nil
etc. to be singletons.) Similar tricks work in Haskell [8] but rely on multi-parameter type
classes, which are currently excluded from the HasCasl design. 

For purposes of conservativity of datatype declarations, the class of polynomial functors
(bifunctors etc.), shown in Fig. 2, plays an important role. An n-ary functor is polynomial
if it can be generated from projection functors (the identity functor if n = 1) and constant
functors by taking finite sums and products. These operations, and similar constructions
spec PolyFunctors =
    Functor
then classes PolyFunctor < Functor;
             PolyBifunctor < Type → PolyFunctor;
             PolyBifunctor < Bifunctor
     vars F, G : PolyFunctor; H, K : PolyBifunctor; a, b, c : Type
     type Sum b c ::= inl b | inr c
     vars f : b → a; g : c → a; h : Sum b c → a
     op sumcase : (b → a) → (c → a) → Sum b c → a

     • h = sumcase f g
         ⇔ ∀x : b; y : c • h (inl x) = f x ∧ h (inr y) = g y;
     types Fst a b := a;
           Snd a b := b;
           Id b := b;
           ProdF F G b := F b × G b;
           ProdBF H K b c := H b c × K b c;
           SumF F G b := Sum (F b) (G b);
           SumBF H K b c := Sum (H b c) (K b c)
     types Fst a, Id, ProdF F G, SumF F G : PolyFunctor;
           Fst, Snd, ProdBF H K, SumBF H K : PolyBifunctor
     var k : a → b

     • (map k : SumF F G a → SumF F G b)
         = sumcase (inl comp map k) (inr comp map k)

     • (parmap k : SumBF H K a c → SumBF H K b c)
         = sumcase (inl comp parmap k) (inr comp parmap k)

     • . . . %% definitions of map and parmap for the other cases

Figure 2: HasCasl specification of polynomial functors 



in Fig. 3, are defined as type synonyms, i.e. as mere abbreviations of existing types.* The
obvious definitions of the map and parmap operations are omitted for most of the functors
introduced in Fig. 2, except in the case of sums. Note that HasCasl does not provide a way
to exclude unwanted ('junk') further instance declarations for the class PolyFunctor, i.e. to
say that the class is generated by the given generic instances. As in Fig. 1, we show only
the specification for functors of arity at most 2; the extension to higher arities is obvious.

In Fig. 3, we present a specification of algebras for a functor. The set of algebra
structures for a functor F on a type a is given by the type constructor Alg, which depends on
both F and a and thus has the profile Functor → Type → Type; it is given as a type
synonym for the type F a → a. Similarly, the type constructor AlgMor for algebra morphisms
depends on F and types a, b forming the carriers of the domain and the codomain,
respectively. Algebra morphisms are treated as triples consisting of two algebra structures and a

* Consequently, the specifications, while correct according to the HasCasl language definition, fail to
pass the static analysis in the present version of the heterogeneous tool set Hets [12], as type synonyms are
currently immediately expanded and β-reduced; this will be remedied in future versions of the tool. In [27],
we have used type declarations with explicit constructors as a workaround in place of type synonyms; for
purposes of the present work, we have given preference to readability of specifications.
spec Algebra = PolyFunctors
then vars F : Functor; a, b : Type
     type Alg F a := F a → a

     op __ :: __ → __ : Pred ((a → b) × (Alg F a) × (Alg F b))

     vars f : a → b; alpha : Alg F a; beta : Alg F b

     • (f :: alpha → beta) ⇔ (beta comp (map f)) = (f comp alpha)

     type AlgMor F a b = {(f, alpha, beta) : (a → b) × Alg F a × Alg F b •
                           f :: alpha → beta }
     classes DTFunctor < Functor; PolyFunctor < DTFunctor
     {vars F : DTFunctor; a : Type
      type InitialCarrier F

      ops initialAlg : Alg F (InitialCarrier F);
          ifold : Alg F a → InitialCarrier F → a
      vars alpha : Alg F a; g : InitialCarrier F → a;

      • (g :: initialAlg → alpha) ⇔ g = ifold alpha;

     }

     var G : PolyBifunctor

     type ParamDT G a := InitialCarrier (G a)

     type ParamDT G : DTFunctor

     vars l : ParamDT G a; b : Type; f : a → b

     • map f l = ifold (initialAlg comp parmap f) l

Figure 3: HasCasl specification of initial algebras 



map between the carriers, thus circumventing the absence of dependent types, such as
the 'type' of algebra morphisms between algebras alpha and beta, in HasCasl (these can
be conservatively added to the language [25], however at the price of making type checking
undecidable).

Initial algebras are then specified by means of two operations: a type constructor
InitialCarrier that assigns to a functor the carrier set of its initial algebra, and a
polymorphic constant initialAlg which represents the structure map of an initial algebra for F on
this carrier. Initiality of this algebra is specified by means of an explicit fold operation,
called ifold in the specification. As initial algebras will exist only for some functors, the
abovementioned operations are defined only on a subclass DTFunctor ('datatype functor')
of Functor. We declare the class PolyFunctor (Fig. 2) to be a subclass of DTFunctor,
thus stating that all polynomial functors have initial algebras as proved in Sect. 5; due to
possible junk in the class PolyFunctor (see above), this is consistent but non-conservative.
Moreover, we state that initial algebras depend functorially on parameters in the case of
polynomial bifunctors and that the arising functor again has an initial algebra (as nested
recursion may be coded by mutual recursion in the standard way [7]) by defining a type
constructor ParamDT which maps a polynomial bifunctor G to the functor that takes a
type a to the initial algebra of the polynomial functor G a, and by declaring ParamDT G
to be an instance of DTFunctor.

Remark 3.2. Note that functors induced by parametrised initial datatype declarations are
declared as instances of DTFunctor in Fig. 3 only if the signature functor is polynomial.
It is not possible to extend this mechanism to arbitrary parametrised datatypes, as the
corresponding functors need not themselves have initial algebras. As a simple example,
consider the declaration

var a : Type

free type C a ::= abs (Pred a)

which defines C a as the initial algebra of the functor F given by F a b = Pred a, i.e. F
takes the powerset of its first argument and ignores the second. Thus, C a is isomorphic to
Pred a and hence, by Russell's paradox, the functor C does not have an initial algebra.

We conclude with a brief description of how the data above are generated by the static
analysis of actual HasCasl specifications. The functor F associated to the declaration of a
datatype t as in the beginning of Sect. 2 is a sum of n functors F_i, one for each constructor
c_i; the functor F_i, in turn, is a product of k_i functors F_ij, corresponding to the t_ij. The
t_ij are, by the restrictions laid out in Sect. El inductively generated from types in the local
environment, t = C a_1 ... a_n, and the type variables a_j by taking products, exponentials
s → t or s →? t, where s is a type formed from the a_i and the local environment, and
applications D s_1 ... of type constructors from the local environment, the latter subject
to the restriction that if s_i contains a recursive occurrence of t, then the dependence of D
of its i-th argument must be functorial. The latter property is tracked by means of the
type class mechanism; in particular, instances of Functor are generated automatically for
parametrised datatypes such as the type List a of Example 2.2. Given this format of the
t_ij, it is straightforward to associate a functor to each t_ij (using further generic instances
of Functor, in particular exponentials and closure under functor composition). Finally, an
instance F : DTFunctor is generated. If this instance is already induced by the generic
instances shown in Fig. 3, then the datatype declaration is guaranteed to be conservative
(see Section 5); otherwise, conservativity and in fact consistency of the datatype
declaration becomes the responsibility of the user. This happens in particular when constructor
arguments involve either type constructors from the local environment which are not
themselves declared as initial datatypes or exponentiation with types from the local environment.
Whether or not datatype declarations are conservative in the latter case, which in
particular includes the case of infinite branching, remains an open problem; under unique choice,
declarations of infinitely branching datatypes are conservative |10 1 118 1 1^]. If F is moreover
of the class PolyBifunctor (or a corresponding class of functors of higher arity), then an
instance C : DTFunctor is generated.

Using the sumcase operation of Fig. 2, one can gather the constructors of t into a
structure map c : F t → t; the freeness constraint then translates into the declaration of a
two-sided inverse g of ifold c. The fold operation on t is obtained as fold α = (ifold α) ∘ g.
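
The declarations of Fig. 3 and the translation of a datatype declaration just described can be replayed in Haskell for the list signature. This is an added example, not code from the paper or the HasCasl libraries; it assumes that Haskell's recursive newtype supplies the initial carrier, and ListSig, mapDT, sumAlg and the class layout are names chosen here for illustration.

```haskell
{-# LANGUAGE FlexibleContexts #-}
module Main where

-- Sum type and copairing, as in Fig. 2.
data Sum b c = Inl b | Inr c

sumcase :: (b -> a) -> (c -> a) -> Sum b c -> a
sumcase f _ (Inl x) = f x
sumcase _ g (Inr y) = g y

-- Functoriality in the parameter argument (parmap of Fig. 1). The recursive
-- argument is handled by Haskell's own Functor class (map in HasCasl).
class PolyBifunctor g where
  parmap :: (a -> b) -> g a x -> g b x

-- Fig. 3: algebras for a functor.
type Alg f a = f a -> a

-- Assumption: the initial carrier comes from Haskell's recursive types; the
-- paper instead carves it out of a universal type of trees (Sect. 5).
newtype InitialCarrier f = In (f (InitialCarrier f))

initialAlg :: Alg f (InitialCarrier f)
initialAlg = In

ifold :: Functor f => Alg f a -> InitialCarrier f -> a
ifold alpha (In t) = alpha (fmap (ifold alpha) t)

-- ParamDT G a := InitialCarrier (G a); its map is the last axiom of Fig. 3:
--   map f l = ifold (initialAlg comp parmap f) l
type ParamDT g a = InitialCarrier (g a)

mapDT :: (PolyBifunctor g, Functor (g a)) => (a -> b) -> ParamDT g a -> ParamDT g b
mapDT f = ifold (initialAlg . parmap f)

-- Signature bifunctor of lists (hypothetical name): ListSig a x = 1 + a * x.
newtype ListSig a x = ListSig (Sum () (a, x))

instance Functor (ListSig a) where
  fmap h (ListSig s) = ListSig (sumcase Inl (\(y, x) -> Inr (y, h x)) s)

instance PolyBifunctor ListSig where
  parmap f (ListSig s) = ListSig (sumcase Inl (\(y, x) -> Inr (f y, x)) s)

-- For t = [a]: gather the constructors [] and (:) into one structure map
-- c : F t -> t by means of sumcase.
c :: Alg (ListSig a) [a]
c (ListSig s) = sumcase (const []) (uncurry (:)) s

-- The freeness constraint: g is a two-sided inverse of ifold c.
g :: [a] -> InitialCarrier (ListSig a)
g []       = initialAlg (ListSig (Inl ()))
g (x : xs) = initialAlg (ListSig (Inr (x, g xs)))

-- fold alpha = (ifold alpha) . g
fold :: Alg (ListSig a) r -> [a] -> r
fold alpha = ifold alpha . g

-- A sample algebra on Int (constructed for this example): summation.
sumAlg :: Alg (ListSig Int) Int
sumAlg (ListSig s) = sumcase (const 0) (uncurry (+)) s

main :: IO ()
main = do
  let xs = [1, 2, 3] :: [Int]
  print (ifold c (g xs) == xs)           -- round trip through the initial carrier
  print (fold sumAlg xs)                 -- fold obtained from ifold and g
  print (ifold c (mapDT (* 2) (g xs)))   -- functorial action of ParamDT
```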

4. Process Types in HasCasl 

Although process types in the style of CoCasl, so-called cotypes [13], are not presently 
included in the HasCasl design, the results of the previous section indicate that cotypes 
could be integrated seamlessly into HasCasl. A cotype is a syntactic representation of 
a coalgebra for a signature functor. Cotypes are declared in a similar style as types; the 
crucial difference is that, while selectors are optional in a datatype, they are mandatory in 
a cotype, as they constitute the actual structure map of the coalgebra, and constructors are 
optional. Thus, the core of a cotype declaration has the form 
cotype t ::= (sel_11 : t_11; ...; sel_1k_1 : t_1k_1) | ... | (sel_n1 : t_n1; ...; sel_nk_n : t_nk_n)
where t is a pattern C a_1 ... a_n consisting of a newly declared type constructor C and type
variables a_1, ..., a_n. A cotype induces axioms guaranteeing that the domains of selectors
in the same alternative agree, and that the domains of all alternatives form a coproduct
decomposition of the cotype. Thus, e.g. the models of the cotype

cotype Proc ::= (out :? a; next :? Proc) | (spawnl, spawnr : Proc)
are coalgebras for the functor F given by F X = a × X + X × X. The semantics of cotypes, in
particular cofree (i.e. final) cotypes, builds on a dual of the specification of algebras (Fig. 3),
where the type of algebras is replaced by a type Coalg F a := a → F a, the definition of
homomorphisms is correspondingly modified, and initiality is replaced by finality, i.e. unique
existence of morphisms into the final coalgebra given by an unfold operation. For cofree
cotypes, the codomains of the selectors are, as in the case of initial datatype, required to
depend functorially on t; of course, this will not in general guarantee existence of final
coalgebras. The extraction of functors from cotype signatures is analogous to the case of
types as explained in Sect. 3, with two differences:

• the class of functors that admit final coalgebras contains a generalised class of polynomial
functors that allows replacing identity functors by exponentiation with constant exponents
(see Section 5);

• unlike for free types, functors arising from cofree cotype declarations, even for polynomial 
functors, typically do not have final coalgebras. 

We omit the discussion of cogeneratedness of cotypes. 

The only subtle point in the matching between cotype declarations in HasCasl and
coalgebras is that the conditions imposed in CoCasl to ensure that a cotype t with
associated functor F decomposes as a disjoint union of the domains of the selectors would
in HasCasl be insufficient to guarantee existence of a single structure map t → F t, the
point being, again, the absence of unique choice. As indicated above, we thus impose,
instead of just disjointness and joint exhaustiveness of the domains, that the cotype is the
coproduct of the domains, by introducing a polymorphic partial case operation similar to
the sumcase operation of Fig. 2. E.g. for the cotype Proc above and f, g : Proc →? a,
case f g = h : Proc → a is defined whenever the domains of f and g equal the domains
of out and spawnl, respectively, and in this case h extends f and g. (Under unique choice,
case f g is definable as λp : Proc • ιx : a • x = f(p) ∨ x = g(p).)
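
The cotype Proc, its partial selectors and the partial case operation can be modelled in Haskell as follows. This is an added example, not taken from the paper; it assumes that partial functions are represented with Maybe and that Haskell's lazy recursive types supply the final carrier, and pcase, structure, unfold, counter and observe are illustrative names.

```haskell
module Main where

-- Signature functor of the cotype Proc: F X = a * X + X * X.
data ProcF a x = Step a x | Fork x x

instance Functor (ProcF a) where
  fmap h (Step o x) = Step o (h x)
  fmap h (Fork l r) = Fork (h l) (h r)

-- Coalg F c := c -> F c, the dual of Alg in Fig. 3.
type Coalg f c = c -> f c

-- Carrier of the final coalgebra. Assumption: laziness of Haskell's recursive
-- types provides it; the paper builds it from partial functions on paths.
newtype Proc a = Proc (ProcF a (Proc a))

-- Selectors are partial functions (->? in HasCasl), modelled with Maybe.
out :: Proc a -> Maybe a
out (Proc (Step o _)) = Just o
out _                 = Nothing

next, spawnl, spawnr :: Proc a -> Maybe (Proc a)
next (Proc (Step _ p))   = Just p
next _                   = Nothing
spawnl (Proc (Fork l _)) = Just l
spawnl _                 = Nothing
spawnr (Proc (Fork _ r)) = Just r
spawnr _                 = Nothing

-- Partial case operation: if f is defined exactly on the domain of out and g
-- exactly on the domain of spawnl, the result extends both.
pcase :: (Proc a -> Maybe b) -> (Proc a -> Maybe b) -> Proc a -> Maybe b
pcase f g p = case out p of
  Just _  -> f p
  Nothing -> g p

-- A single structure map t -> F t assembled from the selectors. It is total
-- because the two selector domains form a coproduct decomposition of Proc.
structure :: Proc a -> Maybe (ProcF a (Proc a))
structure = pcase (\p -> Step <$> out p <*> next p)
                  (\p -> Fork <$> spawnl p <*> spawnr p)

-- Finality: every coalgebra d has a morphism unfold d into Proc.
unfold :: Coalg (ProcF a) d -> d -> Proc a
unfold d z = Proc (fmap (unfold d) (d z))

-- Constructed sample coalgebra on Int states: multiples of 3 spawn two
-- successors, all other states output themselves and step on.
counter :: Coalg (ProcF Int) Int
counter n
  | n `mod` 3 == 0 = Fork (n + 1) (n + 2)
  | otherwise      = Step n (n + 1)

-- Observe at most k transitions, following next and the left spawn.
observe :: Int -> Proc a -> [a]
observe k p
  | k <= 0    = []
  | otherwise = case structure p of
      Just (Step o q) -> o : observe (k - 1) q
      Just (Fork l _) -> observe (k - 1) l
      Nothing         -> []

main :: IO ()
main = print (observe 6 (unfold counter 0))
```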

5. Conservativity of Datatypes and Process Types

Free datatypes in HasCasl are not necessarily conservative extensions of the local
environment. Already the naturals may be non-conservative: as discussed in Sect.dl conservative
extensions can only introduce names for entities already in the present signature, and a
given model might interpret all types as finite sets. This problem arises already in standard
HOL, where the construction of initial datatypes [18, 2] is based on the naturals. The
constructions given in [18] make heavy use of unique choice, so that the question arises
whether similar constructions are possible in HasCasl. Below, we answer this question in
the affirmative for the case of finitely branching datatypes; it remains open for the infinitely
branching case. By the equivalence of HasCasl with the internal logic of partial cartesian
closed categories with equality (Sect. 1.3), our results extend to pccc's with equality and
finite coproducts, and hence in particular to quasitoposes.
To begin, we fix the required additional infrastructure. As seen above, already the
construction of signature functors for standard datatypes requires finite sums. These are
specified (non-conservatively) in HasCasl by declaring a type constructor Sum as in Fig. 2,
and moreover an initial type Zero which is specified as having a function zero : Zero → a into
every type a and satisfying the axiom ∀x : Zero. ⊥, where we use ⊤ and ⊥ to denote truth
and falsity, respectively. This axiom means that the type Zero is uninhabited, and implies
that for every type a, zero is the only function Zero → a. Below, we denote sums by + and
the initial type by 0 in the interest of readability, with injection functions inl : A → A + B
and inr : B → A + B as usual; moreover, we use the standard case notation as discussed
in the case of initial datatypes in Sec. 2, and denote the unit type Unit by 1. We write
Bool for the sum type 1 + 1, denoting the associated case operator as if - then - else and
the terms inl () and inr () as true and false, respectively. We refer to the extension of the
partial λ-calculus with equality by +, 0, and the associated operators and axioms as the
partial λ-calculus with equality and sums.

Remark 5.1. In a cartesian closed category, finite coproducts are always internal in the
sense that copairing is embodied in an operation (sumcase in the above notation) which
satisfies the relevant laws (Fig. 2) internally [20]. Thus, the internal language Th(C) of
a pccc C with equality and finite coproducts has sum types as specified in Fig. 2. It is
moreover clear that Th(C) has a type Zero = 0, operations 0 → a for every type a, and an
axiom ∀x : Zero. ⊥, the latter because the unique morphism 0 → 1 in C equalises the truth
values ⊤, ⊥ : 1 → Logical. Conversely, the classifying category of a theory with sums has
finite coproducts: one has to check that the binary coproduct of objects (x : a. φ), (y : b. ψ)
exists in the classifying category; but this is just the object

(z : a + b. case z of inl x → φ | inr y → ψ).

Similarly, one easily checks that 0 has a unique morphism into every object (x : a. φ) of the
classifying category. It follows that

the partial λ-calculus with equality and sums is the internal logic of pccc's
with equality and finite coproducts.

The search for the internal logic of quasitoposes, i.e. a logic that would be equivalent to
quasitoposes via an internal language/classifying category correspondence, remains open.
Recall that a quasitopos is a pccc with equality and finite colimits, i.e. finite coproducts and
coequalisers. Hence, the missing ingredient is a suitable logical representation of
coequalisers, i.e. quotients. We conjecture that the key to this is a generalisation from subtypes
(x : a. φ) to subtypes with replacement, i.e. types of the form (f(x). x : a; φ), representing
the quotient of (x : a. φ) by the kernel of a function f : a → b.

Unlike in toposes, coproducts in quasitoposes, and hence in pccc's with equality, need not 
be disjoint; i.e. the pullback of distinct coproduct injections need not be the initial object. 
Specifically, one has 

Proposition 5.2. Let C be a pccc with equality. Then C has disjoint finite coproducts iff
C has a (strict) initial object 0, the coproduct 1 + 1 exists in C, and the monomorphism
0 → 1 is regular.

The proof needs the following observation. 

Lemma 5.3. If 0 → 1 is regular in a pccc with equality, then every type a has a partial
constant bot : 1 →? a such that ¬def (bot ()).
Proof. The assumption implies that 0 is isomorphic to the object (x : 1. ⊥). Thus we can
put bot x = z (x ↾ ⊥), where z is the unique morphism (x : 1. ⊥) ≅ 0 → a. □

Proof (Proposition 5.2). 'Only if' holds universally: If coproducts are disjoint, then 0 → 1
is a regular monomorphism, being the pullback e.g. of the left injection 1 → 1 + 1, which
is even a section. Moreover, initial objects in cartesian closed categories are always strict:
since the functor _ × A is left adjoint for every A, it preserves the initial object 0, i.e.
A × 0 ≅ 0; this is easily seen to imply that every object B that has a morphism B → 0 is
initial.

'If': Given Bool = 1 + 1 with operations false, true, and if - then - else as above, one
can construct the binary sum a + b of objects a, b in C as

(x : 1 →? a, y : 1 →? b, z : Bool. (def (x ()) ⇔ z = true) ∧ (def (y ()) ⇔ z = false)).

The coproduct injections are given by inl x = ((λz : 1 • x), (λz : 1 • bot ()), true), and
inr y = ((λz : 1 • bot ()), (λz : 1 • y), false), with bot according to Lemma 5.3. The
copairing h = sumcase f g of functions f : a → c, g : b → c is then defined as

h (x, y, z) = if z then f (x ()) else g (y ()).

It is easy to see that the copairing is uniquely determined.

This proves existence of finite coproducts; it remains to prove that coproducts are
disjoint. One checks by an easy diagram chase that if 0 is strict and 1 + 1 is disjoint, then
every coproduct is disjoint. It is moreover easy to see that if the monomorphism 0 → 1 is
regular, then 1 + 1 is disjoint. □

Remark 5.4. The previous statement means in particular that coproducts in a pccc with
equality and finite coproducts, in particular in a quasitopos, are disjoint iff the
monomorphism 0 → 1 is regular. This may but need not be the case. Positive set-based examples
include the above-mentioned quasitoposes of pseudotopological spaces and (reflexive)
relations, respectively, and more generally any set-based quasitopos whose forgetful functor
preserves pullbacks and induces a singleton fibre over the empty set. The simplest example
where 0 → 1 is not regular are Heyting algebras, which are quasitoposes when regarded as
thin categories: in these, 0 is the bottom element, and 1 is the top element, but the only
regular monomorphisms are the isomorphisms, so that 0 → 1 fails to be regular except in
the degenerate case. Note that the Heyting algebras are, up to equivalence of categories,
precisely the quasitoposes with an inconsistent internal logic, i.e. with ⊤ = ⊥. An example
with a consistent internal logic is the following. Let Spa(𝒫) be the category whose objects
are pairs (X, 𝒜) with X a set and 𝒜 ⊆ 𝒫(X), and whose morphisms (X, 𝒜) → (Y, ℬ) are
maps f : X → Y such that for all A ∈ 𝒜, f[A] ∈ ℬ. By results of [1] (or easy direct
verification), Spa(𝒫) is a quasitopos. However, 0 → 1 is not regular: 0 is the object (∅, ∅),
while 1 is the object ({*}, 𝒫({*})) (and hence the regular subobject (z : 1. ⊥) is (∅, {∅}),
not (∅, ∅)).

Remark 5.5. The undefined constant bot of Lemma 5.3 can be used e.g. to define partial
extraction functions outl : a + b →? a, outr : a + b →? b by outl z = case z of inl x →
x | inr y → bot (), analogously for outr. (This implies moreover that a and b are regular
subobjects of a + b.) Conversely, it should be noted that unless coproducts are disjoint,
types 1 →? a may fail to have closed inhabitant terms, and extraction functions need not
exist. Some constructions in the preliminary version of this work [27] erroneously made
use of bot without identifying disjointness of coproducts as an additional assumption. The
main results, however, remain correct also without this assumption, as we show below;
occasionally, this requires slightly unexpected workarounds.

Remark 5.6. Under unique choice, Bool = 1 + 1 coincides with the type

(p : Logical. p ∨ ¬p),

with injections inl () = ⊤ and inr () = ⊥. The copairing h = sumcase f g of two functions
f, g : 1 → a is then defined as h p = ιx : a • (p ⇒ f () = x) ∧ (¬p ⇒ g () = x). Moreover, it is
easy to see that, under unique choice, the object (z : 1. ⊥) is initial. By Proposition 5.2, this
reproves the well-known fact that toposes have disjoint finite coproducts. In a quasitopos,
one cannot in general construct Bool as a subtype of Logical: the latter is typically an
indiscrete space, while Bool is typically discrete. E.g. in the quasitopos of reflexive relations,
Logical carries the universal relation, while Bool carries the equality relation.

As indicated above, we shall also need the standard notion of natural numbers object (nno). 
Categorically, an nno is an initial algebra for the functor _ + 1; in HasCasl, a corresponding
type of natural numbers is specified as

free type Nat ::= 0 | suc Nat

Remark 5.7. In a cartesian closed category, every nno is internal in the sense that the
unique existence of an algebra morphism from the nno into a given _ + 1-algebra holds
as a formula of the internal logic and is embodied by an operation, fold in the above
notation [20]; the same holds for initial algebras, and dually for final coalgebras, of arbitrary
strong functors, in particular polynomial functors. The explicit distinction of internal nno's
used in [27] is thus superfluous. It follows that the internal language of a pccc with equality,
sums, and nno always has a type Nat as specified above. Conversely, the classifying category
of a theory with sums and the type Nat will have (n : Nat. ⊤) as an nno. To see this, one
has to show that the fold operation applies also to _ + 1-algebras on subtypes (x : a. φ).
This can be proved without resorting to instances of fold at such subtypes, as indicated
in Sect. 2; as announced there, the argument presented in the following is general enough
to apply to arbitrary polynomial functors. The relevance of this point is that assuming
instances of fold at subtypes essentially amounts to postulating induction as a separate
axiom, rather than deriving it from recursion.

To begin, note that the induction principle on Nat may be proved using fold only at the
type Logical: given a predicate P on Nat such that P 0 and ∀n : Nat • P n ⇒ P (suc n),
define a predicate Q on Nat recursively by

Q 0 = P 0

Q (suc n) = Q n ∧ P (suc n).

Then Q has the defining property of fold g, where g : Logical + 1 → Logical is the copairing
of the identity and ⊤. As the constantly true predicate on Nat also has this property, it
follows that Q and hence P hold universally.

Then, a morphism d : (x : a. φ) + 1 → (x : a. φ) induces in the obvious way a morphism
d^ : ((1 →? a) + 1) → (1 →? a). One thus obtains f = fold d^ : Nat → (1 →? a). It remains
to show that f factors through (x : a. φ), i.e. that f n is defined and satisfies φ[f n/x] for
all n; this is proved by induction.
We have thus established that

the partial λ-calculus with equality, sums, and Nat is the internal language
of pccc's with equality, finite coproducts, and nno.
We shall now prove the existence of initial algebras and final coalgebras for certain classes
of functors in the categorical semantics, thus partially generalising known results for W-types
in toposes (e.g. [10]).

Definition 5.8. The class of polynomial functors is inductively generated from the identity 
functor and constant functors by taking finite sums and products. The class of extended 
polynomial functors is inductively generated from the exponential functors with constant 
exponent (including the identity functor by taking exponent 1) and constant functors by 
taking finite sums and products. 

Of course, the intended interpretation of the constructor class PolyFunctor from Sect. 3
is the class of polynomial functors, and correspondingly for the more general constructor
class appearing in the semantics of cotypes (Sect. 4) and the class of extended polynomial
functors.

Theorem 5.9. Let C be a pccc with equality, finite coproducts, and nno (e.g. a quasitopos 
with nno). Then 

(a) C has initial algebras for polynomial functors; 

(b) C has final coalgebras for extended polynomial functors. 

The constructions employed in the proof are essentially subtype definitions in the internal
logic. By the discussion in Sect. 1.2 and 1.3, it follows that, as an extension of the
specification of sums and the natural numbers, the declaration of a datatype t = C a_1 ... a_n with
constructor arguments t_ij as in the beginning of Sect. 2 is conservative, provided that the
t_ij are built from t, the a_j, and types from the local environment using only product and
sum type formation. Moreover, the declaration of a final process type t = C a_1 ... a_n as in
Sect. 4 is conservative as an extension of the specification of sums and the natural numbers,
provided that the codomains t_ij of the selectors are built from t, the a_j, and types from
the local environment using only product and sum type formation and exponentiation with
exponents not depending on t. Since the class of pccc's with equality, finite coproducts,
and nno is easily seen to be stable under taking products of categories, Theorem 5.9 implies
moreover that analogous results hold for declarations of several mutually recursive types or
cotypes, respectively.

We begin by proving the existence of a particular datatype, the type of lists: 

Lemma and Definition 5.10. Let C be a pccc with equality, finite coproducts, and nno.
Then C has list objects, i.e. for every object A, the functor 1 + A × _ has an initial algebra,
the type of lists over A.

Proof. We construct the type List of lists over A as

List = 1 + (l : Nat →? A, n : Nat. ∀m : Nat • def (l m) ⇔ m ≤ n)

(where ≤ is defined recursively). We define the list constructors nil : List and cons : A →
List → List by nil = inl () and

cons x l = case l of inl () → inr ((λk : Nat • case k of 0 → x | suc m → x ↾ ⊥), 0)
                   | inr (l, n) → inr ((λk • case k of 0 → x | suc m → l m), suc n).

Given a further 1 + A × _-algebra B with operations c : B and f : A × B → B, the folded
function g = fold c f : List → B is defined by g z = case z of inl () → c | inr (l, n) → h l n,
where h is defined by recursion over Nat:

h l 0 = f (l 0) c

h l (suc n) = f (l 0) (h (λk : Nat • l (suc k)) n).

It is easy to check that g satisfies, and is uniquely determined by, the defining equation for
fold c f. Moreover, as recursion on natural numbers is embodied as an operation, so is the
recursion principle on lists. □

Note how in the construction of the list datatype, an explicit list length component serves 
to enable inheritance of the recursion operator from the natural numbers. This principle 
is also at the heart of the general construction of datatypes below, where we employ an 
explicit depth component on trees. Note moreover that this component is not needed in 
the construction of final coalgebras. 

A maybe slightly unexpected feature of the construction, which illustrates the points
made in Remark 5.5, is the fact that we need to treat the empty list as a special case: in
general, we cannot code it as the everywhere undefined function Nat →? A, as the latter
may fail to exist. Singleton lists, on the other hand, are unproblematic: once we have an
element x : A of the list in hand, we obtain an undefined term of type A as x ↾ ⊥.
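
The list construction of Lemma 5.10, with the empty list as a separate summand and fold obtained purely by recursion over the length component, looks as follows in Haskell. This is an added example, not code from the paper; it assumes partial functions Nat →? A are modelled as Natural -> Maybe a, and Partial, NonEmpty and wellFormed are illustrative names.

```haskell
module Main where

import Data.Maybe (isJust)
import Numeric.Natural (Natural)

-- A partial function Nat ->? a, modelled with Maybe (assumption).
type Partial a = Natural -> Maybe a

-- List = 1 + (l : Nat ->? A, n : Nat . forall m . def (l m) <=> m <= n).
-- Nil is the summand 1; NonEmpty l n holds the n + 1 entries l 0, ..., l n.
data List a = Nil | NonEmpty (Partial a) Natural

nil :: List a
nil = Nil

-- cons as in the proof: the singleton case uses a function that is defined
-- only at 0 (x restricted by falsity elsewhere); the other case shifts l.
cons :: a -> List a -> List a
cons x Nil            = NonEmpty (\k -> if k == 0 then Just x else Nothing) 0
cons x (NonEmpty l n) = NonEmpty (\k -> if k == 0 then Just x else l (k - 1)) (n + 1)

-- The subtype predicate def (l m) <=> m <= n, checked for all m up to a
-- bound (assumption: a finite bound stands in for the quantifier).
wellFormed :: Natural -> List a -> Bool
wellFormed _ Nil = True
wellFormed bound (NonEmpty l n) = all ok [0 .. bound]
  where
    ok m = isJust (l m) == (m <= n)

-- fold c f, where h uses recursion over Nat only:
--   h l 0       = f (l 0) c
--   h l (suc n) = f (l 0) (h (\k -> l (suc k)) n)
-- The result is Nothing only for pairs that violate the subtype predicate.
fold :: b -> (a -> b -> b) -> List a -> Maybe b
fold c _ Nil            = Just c
fold c f (NonEmpty l n) = h l n
  where
    h l' 0 = do
      x <- l' 0
      Just (f x c)
    h l' m = do
      x <- l' 0
      r <- h (l' . (+ 1)) (m - 1)
      Just (f x r)

main :: IO ()
main = do
  let xs = cons 'a' (cons 'b' (cons 'c' nil))
  print (wellFormed 10 xs)
  print (fold [] (:) xs)                       -- recover the entries in order
  print (fold (0 :: Int) (\_ k -> k + 1) xs)   -- length via fold
  -- A pair outside the subtype: no entry is defined although n = 2.
  print (fold [] (:) (NonEmpty (const Nothing) 2 :: List Char))
```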

Proof of Theorem 5.9. By Remark (53 we can conduct the proof in the classifying category
of the internal language of C, the latter being a partial λ-theory with equality, finite sums,
and nno.

(a): We can assume that the given functor F is of the normal form F X = Σ_{i=1}^n A_i × X^{k_i}
with k_i ∈ N and constant parameter objects A_i. Moreover, by collecting all A_i with k_i = 0
into a single sum type (0 in case k_i > 0 for all i), we may assume that k_i = 0 iff i = 1, so that
A_1 may be thought of as the type of constants in the signature. Let A = Σ_{i=1}^n (A_i + 1), with
injections into the outer coproduct denoted in_i, and injections into the inner coproducts
denoted inl, inr as usual. Let Path be the type of lists of natural numbers (which exists in
C according to Lemma 5.10), with constructors nil : Path, cons : Nat → Path → Path. We
now define a universal type of trees, from which the desired initial algebra will be carved
out as a subtype, by

DTree = (l : Path →? A; d : Path →? Nat; x : A_1)

where for (l, d, x) : DTree and p : Path, l p = in_i z indicates that the subtree at p is either
a leaf labelled y, if z = inl y, or a node labelled by the i-th constructor, if z = inr (),
and d p = n indicates that the subtree at p has depth n. The third component x : A_1 is
a dummy that serves only to enable the construction of undefined terms (see Remark 5.5).
We put depth (l, d, x) = d nil for (l, d, x) : DTree, and for j : Nat, j > 0, we define a generic
j-th selector by sel_j (l, d, x) = (l ∘ (cons j), d ∘ (cons j), x). Moreover, we define generic
constructors c_i : A_i × DTree^{k_i} → DTree, thus making DTree into an F-algebra, by



Ci {y, (/i,di,xi), . . . , {lk^,dk,,Xki)) = { ,,' ' , 

y{hd,y) 

where l and d are defined by case distinction as




> 



(and hence i = 1, so that y : Ai) 



l nil = in_i (inr ())                          l (cons j p) = (if j = 0 then in_i (inl y) else l_j p)

d nil = 1 + max (d_1 nil, ..., d_{k_i} nil)     d (cons j p) = (if j = 0 then 0 else d_j p).
Here, the maximum is defined by recursion on the naturals, with max () = 0; and the if
expressions abbreviate obvious case expressions. The expressions denoted for the sake of
readability as l_j p and d_j p on the right hand side in reality abbreviate long case distinctions
over j = 1, ..., j = k_i, j > k_i, with l_j p and d_j p undefined for j > k_i. E.g. for l_j, we have

l_j p = bot_A y      if j = 0 or j > k_i
        l_1 p        if j = 1
        ...
        l_{k_i} p    if j = k_i

where bot_A y = (in_i y) ↾ ⊥, and the case distinction can be emulated by a finite chain of
0/suc case statements.

We then take the carrier $T$ of the desired initial algebra to be the smallest subtype of
DTree closed under the $c_i$; thus, $T$ inherits from DTree the structure of an $F$-algebra. Note
that for all $(l,d,x) : T$, $\mathit{depth}\ (l,d,x) > 0$ and $l\ \mathit{nil} = \mathit{in}_i\ (\mathit{inr}\ ())$ for some $i$. We have to
show that we can construct the function $\mathit{fold}\ b_1 \dots b_n : T \to B$ for functions $b_i$ constituting
an $F$-algebra on a type $B$. We define a primitive recursive function $f : \mathit{Nat} \to T \to? B$ by

$$
\begin{array}{l}
f\ 0\ (l,d,x) = \mathit{bot}_B\ x\\
f\ (\mathit{suc}\ n)\ (l,d,x) = \mathit{case}\ l\ \mathit{nil}\ \mathit{of}\\
\quad (\mathit{in}_i\ z \to \mathit{case}\ z\ \mathit{of}\ \mathit{inl}\ y \to \mathit{bot}_B\ x\\
\quad\quad \mid \mathit{inr}\ () \to \mathit{case}\ l\ [0]\ \mathit{of}\\
\quad\quad\quad \mathit{in}_i\ y \to \mathit{case}\ y\ \mathit{of}\ \mathit{inr}\ () \to \mathit{bot}_B\ x\\
\quad\quad\quad\quad \mid \mathit{inl}\ w \to b_i\ (w, f\ n\ (\mathit{sel}_1\ (l,d,x)), \dots, f\ n\ (\mathit{sel}_{k_i}\ (l,d,x)))\\
\quad\quad\quad \mid \mathit{otherwise} \to \mathit{bot}_B\ x)_{i=1,\dots,n},
\end{array}
$$

where otherwise is a placeholder for all remaining cases in a case statement, in this case
$\mathit{in}_j\ y$ for $j \neq i$, $\mathit{bot}_B\ x = (b_1\ x)\restriction\bot$, and $[0] = \mathit{cons}\ 0\ \mathit{nil}$. Finally, put

$$\mathit{fold}\ b_1 \dots b_n\ z = f\ (\mathit{depth}\ z)\ z.$$

One verifies directly from the defining equations for $f$ that this definition satisfies the fold
equation. Moreover, one shows using the definition of $T$ as the least subtype of DTree closed
under the constructors that $\mathit{fold}\ b_1 \dots b_n$ is total (i.e. one never runs into the exceptional
cases $\mathit{bot}_B\ x$ in the above definition of $f$), and uniquely determined by the fold equation.
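The recursion on depth used to define fold, as an added Python example that is not part of the paper. It assumes the demo signature F X = A_1 + A_2 × X^2, models undefinedness by `None` (so the third tree component x, which only serves to build an undefined term, is left out), and reads the selectors as path-prefix restriction; all names (`con`, `sel`, `f`, `fold`, `ARITY`, `UNIT`, `TREE`, `SUM`) are chosen here.

```python
# Added illustration, not code from the paper. Trees are pairs (l, d) of
# partial functions on paths (tuples of naturals); "undefined" is None.
# Assumed demo signature: F X = A_1 + A_2 x X^2 (i = 1: leaf carrying an int,
# i = 2: binary node carrying a str). The third component x is omitted.
UNIT = ("inr",)                 # stands for inr ()
ARITY = {1: 0, 2: 2}            # k_i for each alternative i

def con(i, y, *subs):
    """Constructor c_i(y, t_1, ..., t_{k_i}) following the equations for l, d."""
    assert len(subs) == ARITY[i]
    def l(p):
        if not p:
            return (i, UNIT)                     # l nil = in_i (inr ())
        j, rest = p[0], p[1:]
        if j == 0:
            return (i, ("inl", y))               # l (cons 0 p) = in_i (inl y)
        return subs[j - 1][0](rest) if j <= len(subs) else None   # l_j p
    def d(p):
        if not p:
            return 1 + max((s[1](()) for s in subs), default=0)
        j, rest = p[0], p[1:]
        if j == 0:
            return 0                             # d (cons 0 p) = 0
        return subs[j - 1][1](rest) if j <= len(subs) else None   # d_j p
    return l, d

def sel(j, t):
    """Assumed selector: the j-th subtree is read off below path prefix j."""
    l, d = t
    return (lambda p: l((j,) + p)), (lambda p: d((j,) + p))

def depth(t):
    return t[1](())

def f(n, t, b):
    """f n t: primitive recursion on n; None plays the role of bot_B."""
    if n == 0:
        return None
    root, val = t[0](()), t[0]((0,))
    if root is None or root[1] != UNIT or val is None or val[1] == UNIT:
        return None
    i = root[0]
    if val[0] != i:
        return None                              # the "otherwise" case
    args = [f(n - 1, sel(j, t), b) for j in range(1, ARITY[i] + 1)]
    return None if None in args else b[i](val[1][1], *args)

def fold(b, t):
    return f(depth(t), t, b)

# Constructed sample: ("+", 1, ("+", 2, 3)) and the algebra that sums leaves.
TREE = con(2, "+", con(1, 1), con(2, "+", con(1, 2), con(1, 3)))
SUM = {1: lambda w: w, 2: lambda w, a, c: a + c}
```

Running `f` with fewer than `depth(TREE)` steps hits the exceptional case, and an element of the universal type that lies outside T never produces a value.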

(b): We can assume that the given functor $F$ has the normal form $FX = \sum_{i=1}^{n} A_i \times (B_i \to X)$,
with constant parameter objects $A_i$, $B_i$: it is easy to see that the class of
functors isomorphic to such normal forms contains all exponential functors and all constant
functors (noting that parameter objects can also be 1 or 0) and is closed under sums; to
see closure under products, note that a product of two such normal forms is a sum of
summands of the form $(A \times (B \to X)) \times (A' \times (B' \to X))$. Such a summand is isomorphic
to $(A \times A') \times ((B + B') \to X)$.

Now put $A = \sum_{i=1}^{n} A_i$ and $B = \sum_{i=1}^{n} B_i$, with injections $\mathit{in}_i$ in both cases. Define Path
as the type of lists over $B$, with constructors nil, cons, and equip it with the standard snoc
operation $\mathit{Path} \times B \to \mathit{Path}$. The universal type of infinite trees is

$$\mathit{PTree} = \mathit{Path} \to? A$$

(where it is crucial that we omit the depth component present in the universal type DTree
for initial datatypes). For $f : \mathit{PTree}$ and $p : \mathit{Path}$, the intended reading of $f\ p = \mathit{in}_i\ x$ is
that position $p$ in the tree behaves according to the $i$-th alternative and outputs $x : A_i$. The
carrier of the final $F$-coalgebra is then the subtype $C$ of PTree consisting of those $f$ such
that

$$\mathit{def}\ (f\ \mathit{nil}) \quad\text{and} \qquad (5.1)$$
$$\mathit{def}\ (f\ (\mathit{snoc}\ p\ (\mathit{in}_i\ y))) \Leftrightarrow \exists x : A_i \bullet f\ p = \mathit{in}_i\ x \qquad (5.2)$$

for all $i = 1, \dots, n$. (Note that $f\ p = \mathit{in}_i\ x$ entails that $f\ p$ is defined.) We then define an
$F$-coalgebra structure $c : C \to \sum_{i=1}^{n} (A_i \times (B_i \to C))$, with injections again denoted $\mathit{in}_i$, by

$$c\ f = \mathit{case}\ f\ \mathit{nil}\ \mathit{of}\ (\mathit{in}_i\ x \to \mathit{in}_i\ (x, \lambda y : B_i \bullet!\ \lambda p : \mathit{Path} \bullet f\ (\mathit{cons}\ (\mathit{in}_i\ y)\ p)))_{i=1,\dots,n}.$$

Given a further $F$-coalgebra $d : D \to \sum_{i=1}^{n} (A_i \times (B_i \to D))$, define the morphism
$u = \mathit{unfold}\ d : D \to C$ recursively by

$$
\begin{array}{l}
u\ z\ \mathit{nil} = \mathit{case}\ d\ z\ \mathit{of}\ (\mathit{in}_i\ (x,g) \to \mathit{in}_i\ x)_{i=1,\dots,n}\\
u\ z\ (\mathit{cons}\ (\mathit{in}_i\ y)\ p) = \mathit{case}\ d\ z\ \mathit{of}\ \mathit{in}_i\ (x,g) \to u\ (g\ y)\ p
\end{array}
$$

where omitted cases in the second case statement are understood to be undefined; we
are lucky enough to have the undefined term $(u\ z\ p)\restriction\bot$ available for this purpose (see
Remark [53]). Since primitive recursion on lists is given by an operator, the above definition
can be expressed as a term defining unfold d and indeed unfold as a function. It is immediate
that $u\ z$ satisfies (5.1); one proves by induction over $p$ that $u\ z$ satisfies also (5.2) and
therefore indeed belongs to $C$. One verifies directly that $u$ satisfies the defining equation
for unfold d. Finally, one shows by induction over Path that $u$ is uniquely determined by
the unfold equation. □
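The path-based construction of part (b), as an added Python example that is not part of the paper: elements of PTree are callables on paths, `unfold` follows the two defining equations for u, and `in_C` checks conditions (5.1) and (5.2) on all paths up to a bound. The signature `B`, the sample coalgebra `d`, and the helper names are assumptions made for the illustration.

```python
# Added illustration, not code from the paper. Elements of PTree are partial
# functions Path ->? A: Python callables on tuples of (i, y) pairs (y in B_i)
# returning a label (i, x) with x in A_i, or None where undefined.
from itertools import product

# Assumed demo signature: two alternatives with finite input sets B_1, B_2.
B = {1: (0, 1), 2: ("reset",)}

def d(z):
    """Constructed F-coalgebra on states 0..3: d z = in_i (x, g)."""
    if z < 3:
        return 1, f"s{z}", lambda y: min(z + 1 + y, 3)
    return 2, "idle", lambda y: 0

def unfold(d, z):
    """u z nil = in_i x;  u z (cons (in_i y) p) = u (g y) p;  else undefined."""
    def u(z, path):
        i, x, g = d(z)
        if not path:
            return (i, x)
        (j, y), rest = path[0], path[1:]
        if j != i or y not in B[i]:
            return None                      # omitted cases are undefined
        return u(g(y), rest)
    return lambda path: u(z, path)

def struct(f):
    """c f = in_i (x, g) with g y p = f (cons (in_i y) p), where f nil = in_i x."""
    i, x = f(())
    return i, x, lambda y: (lambda p: f(((i, y),) + p))

def paths(max_len):
    letters = [(i, y) for i in B for y in B[i]]
    for n in range(max_len + 1):
        yield from product(letters, repeat=n)

def in_C(f, max_len=4):
    """Check (5.1) and (5.2) on all paths up to max_len (snoc appends)."""
    if f(()) is None:
        return False
    for p in paths(max_len):
        for i in B:
            here = f(p) is not None and f(p)[0] == i
            if any((f(p + ((i, y),)) is not None) != here for y in B[i]):
                return False
    return True

def unfold_equation_holds(d, z, max_len=3):
    """c (u z) agrees with in_i (x, u . g) for d z = in_i (x, g)."""
    i, x, g = d(z)
    ci, cx, cg = struct(unfold(d, z))
    return (ci, cx) == (i, x) and all(
        cg(y)(p) == unfold(d, g(y))(p) for y in B[i] for p in paths(max_len))
```

A partial function that is defined at nil but has no children, such as `lambda p: (1, "x") if not p else None`, satisfies (5.1) and fails (5.2), so `in_C` rejects it.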

Remark 5.11. The proof of Theorem 5.9 (b) can be modified to prove that quasitoposes
have so-called M-types [34]. We have omitted this aspect from the main line of the presentation,
as it involves the use of dependent types (which exist in pccc's with equality [25])
and is not relevant for the semantics of HasCasl. We sketch some details for the interested
reader, who may note that, discounting the need for the extra machinery of dependent
types, the formulation of the proof is in fact slightly simpler in the case of M-types.

An M-type is defined as a final coalgebra for general polynomial functors, i.e. functors
$P_q$ defined by

$$P_q(X) = \sum a : A.\ (q^{-1}(a) \to X),$$

where $q : B \to A$ is a morphism, thought of as a dependent type $(B_a)_{a:A}$ with $B_a = q^{-1}(a)$,
and the sum is a dependent sum, consisting of pairs $(a, h)$ with $a : A$ and $h : B_a \to X$; one
has projections $\pi_1$, $\pi_2$ with $\pi_1(a, h) = a$ and $\pi_2(a, h) = h$. One lets these $A$, $B$ play the roles
of $A$, $B$, respectively, as in the proof of Theorem 5.9; then Equation (5.2) in the definition of
$C$ becomes

$$\mathit{def}\ (f\ (\mathit{snoc}\ p\ b)) \Leftrightarrow q\ b = f\ p.$$

The definition of the $P_q$-coalgebra structure on $C$ is now

$$c\ f = (f\ \mathit{nil},\ \lambda b : B_{f\ \mathit{nil}} \bullet!\ \lambda p : \mathit{Path} \bullet f\ (\mathit{cons}\ b\ p)).$$

Finally, the unique coalgebra morphism $u = \mathit{unfold}\ d : D \to C$ from a further $P_q$-coalgebra
$d : D \to P_q(D)$ into $(C, c)$ is recursively defined by

$$
\begin{array}{l}
u\ z\ \mathit{nil} = \pi_1\ (d\ z)\\
u\ z\ (\mathit{cons}\ b\ p) = u\ (\pi_2\ (d\ z)\ b)\ p
\end{array}
$$

on the understanding that $B_a$ is a subtype of $B$ and that functions $B_a \to X$ (such as
$\pi_2\ (d\ z) : B_{\pi_1(d\ z)} \to X$) extend to partial functions $B \to? X$ defined precisely on $B_a$
(this is in agreement with the coding of dependent types in pccc's with equality according
to [25]). The proof thus modified establishes that pccc's with equality, finite coproducts, and
nno, in particular quasitoposes with nno, have M-types.

The diligent reader may wonder where the minor trick went that we had to apply in
the construction of $u$ in the proof of Theorem 5.9 (b): recall that we needed an undefined
term of type $A$, which we obtained as $(u\ z\ p)\restriction\bot$. No such thing is needed above (although,
of course, the term is still available). The answer to this puzzle is that unless coproducts
are disjoint, which by Lemma [531 gives us a constant $\mathit{bot} : 1 \to? a$ at every type $a$, M-types
do not generalise the final coalgebras of Theorem 5.9 since general polynomial functors
do not actually generalise extended polynomial functors in the sense of the theorem. As a
simple example, let $A = 1 + 1$ and $B = B_l + B_r$, with the obvious projection $q : B \to A$.
Theorem 5.9 yields a final coalgebra for the extended polynomial functor
$F(X) = (B_l \to X) + (B_r \to X)$, while the M-type considered above is a final coalgebra for the functor
$P_q(X) = \sum a : A.\ (q^{-1}(a) \to X)$. Although one tends to believe that the two functors
should be isomorphic, this is not in general true unless coproducts are disjoint. To see
this, consider the construction of $\sum a : A.\ (q^{-1}(a) \to X)$ according to [25], which is just a
reformulation of the natural set-theoretic description:

$$P_q(X) = \{f : B \to? X;\ a : A.\ \forall b : B.\ \mathit{def}\ (f\ b) \Leftrightarrow q\ b = a\}.$$

Using bot, we can construct an isomorphism $h : F(X) \to P_q(X)$ by

$$h\ (\mathit{inl}\ f) = ((\lambda b : B \bullet \mathit{case}\ b\ \mathit{of}\ \mathit{inl}\ x \to f\ x \mid \mathit{inr}\ y \to \mathit{bot}\ ()),\ \mathit{inl}\ ()),$$

analogously on the other summand, but without bot, the construction of $h$ is not possible.
Indeed, a simple example shows that $P_q$ and $F$ need not be isomorphic in general. Recall
the category $\mathbf{Spa}(\mathcal{P})$ from Remark 5.4 which has non-disjoint coproducts. Let $B_l$ be the
object $1 = (\{*\}, \mathcal{P}(\{*\}))$ of this category, and let $B_r$ be the object $1_\emptyset = (\{*\}, \emptyset)$. Then $F$ as
above has $F(1_\emptyset) = (1 \to 1_\emptyset) + (1_\emptyset \to 1_\emptyset) \neq \emptyset$ (the right hand summand contains the identity
map). However, $P_q(1_\emptyset) = \emptyset$, as there is no partial morphism $f : B = B_l + B_r = 1 + 1_\emptyset \to? 1_\emptyset$,
because the structure of $1 + 1_\emptyset$ contains the empty subset.

Both part (b) of Theorem 5.9 and the above existence proof for M-types in quasitoposes
complement recent results of van den Berg and De Marchi [33] (extending earlier work by
Santocanale [24]), which live in the setting of locally cartesian closed categories with disjoint
coproducts and nno. In particular, existence of M-types in quasitoposes with disjoint
coproducts, while not formally stated in [34], would seem to follow by a straightforward
adaptation of the arguments used there (specifically, exchange decidable subobjects for regular
subobjects in the proof of Proposition 4.4 in [34]). We point out that in our setting, we
obtain a comparatively simple construction of M-types: in the presence of partial function
types, one can write down the M-type directly as a type of certain partial functions
on paths, while the framework of [34] requires a more roundabout approach involving in
particular the construction of infinite trees as sequences of finite-depth approximations.
Remark 5.12. The crucial difference between the above proof and the constructions of [18],
[2], which are also the basis of the topos-theoretic arguments in [10], is the definition of the
universal types as partial function spaces rather than types of sets of nodes, reflecting
the fact that functional relations need not be functions in the absence of unique choice.
Moreover, the construction of primitive recursive functions can no longer rely on an inductive
construction of their graphs. It is an open problem whether our use of the depth function for
this purpose in the case of initial datatypes can be generalised so as to cover also infinitely
branching datatypes such as the type Tree a b from Example 2.2 or more generally W-types,
i.e. initial algebras for general polynomial functors $P_q$ as in Remark 5.11 (such types
do exist in toposes with nno [Ml [10]; even more generally, the existence of W-types implies
the existence of initial algebras for dependent polynomial functors [5]).

6. Domains 

The treatment of general recursion in HasCasl is based on a HOLCF-style [21] internal
representation of domains, phrased in terms of chain-complete partial orders. Some adaptations
to this theory are necessary in order to cope with the absence of unique choice [28].
We briefly recall the relevant definitions and results below, and then go on to discuss the
existence of initial datatypes in the category of domains. As already in the case of datatypes,
we work in the internal language of a pccc with equality, sums, and nno; additionally, we
assume disjointness of coproducts.

The main difficulty is that without unique choice, we can no longer e.g. define the value
at $x$ of the supremum of a chain of partial functions $f_i$ as 'the value (if any) eventually
assumed by the $f_i(x)$'. Hence the modified definition

Definition 6.1. A partial order $A$ with ordering $\sqsubseteq$ is called a complete partial order (cpo)
if the type $1 \to? A$, equipped with the ordering

$$x \sqsubseteq y \Leftrightarrow (\mathit{def}\ x\ () \Rightarrow x\ () \sqsubseteq y\ ()),$$

has suprema of chains, denoted by $\bigsqcup$, and a bottom element $\bot$ (the latter is not, of course,
a bottom element of $A$ itself). We call chains in $1 \to? A$ partial chains. We say that a cpo
$A$ is pointed (or a cppo) if $A$ has a bottom element. We say that $A$ is a flat cpo if $A$ is a cpo
when equipped with the discrete ordering. A partial function between cpo's is continuous iff
it preserves suprema of partial chains. The types of total and partial continuous functions
from $A$ to $B$ are denoted $A \xrightarrow{c} B$ and $A \xrightarrow{c}? B$, respectively.

Lemma 6.2. Let $(x_i)$ be a partial chain. Then $\bigsqcup_i x_i$ is defined iff $\exists n \bullet \mathit{def}\ x_n$.

Cpo's can be specified as a class in HasCasl; this is carried out in detail in [28]. While 
under unique choice, all types can be made into flat cpo's, this need not be the case without 
unique choice. Cppo's in the above sense have least fixed points of continuous endofunctions
$f$, constructed as suprema of (total) chains $(f^n \bot)$; this is the basis of the interpretation of
general recursive functions. Cpo's are closed under the usual type constructors:

Proposition 6.3. Let A and B be cpo's. Then A x B, equipped with the componentwise 
ordering, is a cpo. 

Proposition 6.4. Let $A$ and $B$ be cpo's, and let $C$ be a type. Then the types $C \to B$,
$C \to? B$, $A \xrightarrow{c} B$, and $A \xrightarrow{c}? B$ are cpo's when equipped with the componentwise ordering;
$C \to? B$ and $A \xrightarrow{c}? B$ are moreover pointed.

Proposition 6.5. The unit type is a cpo.

Corollary 6.6. If $A$ is a cpo, then $1 \to? A$ is a cppo.

In general, the sum of two cpo's, even Bool = 1 + 1, need not be a cpo when equipped with 
the sum ordering. However, we have 

Lemma 6.7. Cpo's are stable under sums of partial orders iff Bool is a flat cpo. 

Remark 6.8. The previous lemma is the crucial point where disjointness of coproducts (in
the shape of bot) is needed. One could alternatively just assume that cpo's are stable under
sums of partial orders, but this is conceptually not entirely satisfactory.

The syntactic sugaring of domains in HasCasl includes a free domain construct that
declares initial algebras in the category of cpo's and continuous functions (rather than in
the category of types and functions as in the case of free type). We now show that the
initial datatypes and final process types for polynomial and extended polynomial functors
$F$, respectively, constructed in the proof of Theorem 5.9 can be made (respectively, in the
case of final process types, slightly modified) into cpo's in such a way that they become
initial algebras and final coalgebras, respectively, for the corresponding functor, denoted F,
on the category of cpo's and continuous functions, where in the case of extended polynomial
functors, function spaces are replaced by continuous function spaces. It is an important open
problem whether this result can be extended to datatypes $t$ with non-strict constructors,
i.e. with arguments of type $1 \to? t$, such as the type of lazy lists. In the following, we
assume that Nat is a flat cpo (this may or may not be the case in concrete models [28]);
consequently, Bool is also a flat cpo, and hence cpo's are stable under sums by Lemma 6.7.

Initial Datatypes as Cpo's. Let $T$ be the initial algebra for the functor $FX = \sum_{i=1}^{n} (A_i \times X^{k_i})$
as in Sect. 5, where the parameter objects $A_i$ are cpo's. Then the ordering on $T$ is
inherited, reusing here and below the notation from the proof of Theorem 5.9, from DTree
(this is equivalent to the obvious recursive definition of a componentwise ordering), which
by the above results and under the given assumptions is a cppo.

Proposition 6.9. With the above ordering, $T$ is an initial F-algebra in the category of
cpo's and continuous functions.

Proof. It is easy to see that the constructors $c_i$ as defined in the proof of Theorem 5.9 are
continuous. To prove that $T$ is a cpo, it suffices to show that the supremum in DTree of
a partial chain $s$ in $T$ is again in $T$, provided that $\sup s$ is a defined value in DTree. We
proceed by induction over $\mathit{depth}\ \bigsqcup s_m$. Let $s_m = (l_m, d_m)$ for all $m$, and let $\sup s_m = (l, d)$.
Then $l\ \mathit{nil} = \mathit{in}_i\ ()$ for some $i$. By the definition of the sum ordering and Lemma 6.2,
there is some $m$ such that $l_r\ \mathit{nil} = \mathit{in}_i\ ()$ for all $r > m$. Since $l_r$ is in $T$, we have
$s_r = c_i\ (\mathit{leaf}_i\ s_r, \mathit{sel}_1\ s_r, \dots, \mathit{sel}_{k_i}\ s_r)$ and $\mathit{sel}_j\ s_r : T$ for $j = 1, \dots, k_i$ and $r > m$. By continuity
of $c_i$, it now follows from the inductive assumption that $\sup s_m$ belongs to $T$.

It remains to be shown that for continuous functions $b_i$ representing an F-algebra on a
cpo $B$, the function $\mathit{fold}\ b_1 \dots b_n : T \to B$ is continuous. It is easy to see that, given the
auxiliary function $f : \mathit{Nat} \to T \to? B$ from the proof of Theorem 5.9, the function $f\ n$ is
continuous for every $n$ in Nat. Since Nat is equipped with the flat ordering, it follows that
$f$ itself is continuous. Continuity of $\mathit{fold}\ b_1 \dots b_n = \lambda z \bullet f\ (\mathit{depth}\ z)\ z$ then follows by the
(obvious) continuity of depth. In fact, $f$ even depends continuously on the $b_i$, so that fold
itself is continuous. □
We have thus established that

the category of cpo's in a pccc with equality, disjoint finite coproducts, and
nno has initial algebras of polynomial functors if the nno is a flat cpo,

and hence that declarations of free domains for polynomial functors in HasCasl are
conservative as extensions of the specification of sums and a flat cpo of natural numbers;
moreover, the above proof shows additionally that the fold operator, and hence the primitive
recursion operator, is a continuous higher order function.

Final Process Types as Cpo's. Unlike in the case of initial datatypes, we have to modify
the universal type PTree to the type

$$\mathit{CPTree} = \mathit{Path} \xrightarrow{c}? A,$$

again reusing the notation from the proof of Theorem 5.9, in order to obtain a coalgebra
structure for F. By the above results, including the fact that list types are cpo's, CPTree is
a cppo. The definition of the subtype $C$, the structure map $c : C \to FC$, and the function
$u = \mathit{unfold}\ d : D \to C$ for a continuous F-coalgebra $d$ on a cpo $D$ are otherwise literally
the same as in the proof of Theorem 5.9. It is easy to see that $C$ is closed under suprema
of chains in CPTree and hence a cpo. Since $C$ consists of continuous maps, $c\ f$ is really
in $FC$ (where functions $B_i \xrightarrow{c} C$ must be continuous) for $f : C$. It is straightforward to
check that $c$ and $u$ are continuous, using in the latter case the fact established above that
primitive recursive functions (here, on Path), as well as the primitive recursion operator
itself, are continuous. We have thus shown that

the category of cpo's in a pccc with equality, disjoint finite coproducts, and
nno has final coalgebras of extended polynomial functors if the nno is a flat
cpo

and hence that corresponding declarations of final process types as cpo's for extended polynomial
functors in HasCasl are conservative as extensions of the specification of sums and
a flat cpo of natural numbers. (Recall that such declarations are not a HasCasl language
feature as such, but can be emulated according to Sect. [3] and [H)

7. Conclusion 

We have laid out how initial datatypes and final process types are incorporated into Has- 
Casl, and we have established the existence of such types for a broad class of signature 
formats. The main contribution in the latter respect is the avoidance of the unique choice 
principle, which means that, on a more abstract level, our constructions work in any quasi- 
topos (more precisely, in any partial cartesian closed category with equality and finite 
coproducts) with a natural numbers object. We have moreover discussed how the con- 
structions can be adapted to yield corresponding types with a domain structure as used in 
HasCasl's internal modelling of general recursion. 

We have remarked that our construction of final process types can be modified to prove
existence of so-called M-types [3l], i.e. final coalgebras for general polynomial functors,
defined over signatures given in terms of an arbitrary morphism $q : B \to A$. While toposes
with nno also have W-types, i.e. initial algebras for such functors [10], the extension of
our construction of initial datatypes beyond finite branching remains an open problem.
A further point of interest for future research are datatypes with lazy constructors, such
as the type of lazy lists, in quasitoposes, and in particular in the category of internal
cpo's in a quasitopos. Support for datatypes with finitary polynomial signatures is already
implemented in the heterogeneous tool set Hets [12]; support for more complex signatures,
intertwined with HasCasl's type class mechanism as described here, is forthcoming.